As of September 2019, PSD2 (the European Payment Services Directive) requires entities that do business in the European Economic Area (“EEA”) to use Strong Customer Authentication (“SCA”) when accepting card payments from card issuers and banks in the EEA.
What is Strong Customer Authentication (SCA)?
Strong Customer Authentication is a regulation that adds new requirements to how a European business verifies its European customers before accepting their purchase. The SCA requirement is designed to strengthen the security of online payments made via card or bank account. Usually, this authentication is carried out by requesting two pieces of information:
- Information that only the cardholder knows (such as a PIN), and
- Information that only the cardholder has access to (such as an SMS verification code).
Practically speaking, this means that businesses required to implement SCA will likely need to add a step to their checkout process if they have not previously adopted permissible dual authentication. Currently, SCA is only required when both the business’s bank and the customer’s bank are located in the European Economic Area (EEA). In other words, if your business is based in the U.S. or another non-EEA area, and your bank is not located in the EEA, then you probably don’t have to worry about this regulation, even if you’re serving customers in the EEA. Nonetheless, it’s always a good idea to consult your legal counsel if you’re unsure.
What Do SCA Regulations Mean for ClickFunnels Users?
For our users whose businesses are going to be impacted by the new SCA regulation, we’ve made it very easy to implement SCA using Stripe. You can see our step-by-step doc on setting up compliant checkout processes, and you might also look at Stripe’s breakdown of what they’ve done to comply with these new regulations.